02-09-2024 07:29 AM
I have a question on one of the BGP settings when Cloudblades is set up.
In the BGP config on the site, one of the options is "Prisma forward received Branch Routes from Prisma SD-WAN"
Would leaving this unchecked be the equivalent of setting a BGP no-advertise community string?
My customer doesn't have the network-interconnect license for Prisma so I need to ensure that traffic from mobile users to remote networks doesn't go direct as it will drop. I need the traffic to go back down the service connection and to the DC IONs and over the fabric.
06-27-2024 10:46 AM - edited 06-27-2024 10:47 AM
I hope you found your answer by now, but to answer the question: Yes, with a twist.
Unchecking that instructs Prisma Access not to advertise learned routes from RNs down to the other RNs. The main purpose of this feature is to allow for site to site traffic within Prisma Access and for other mechanisms like traffic steering, etc. That said, keep in mind that this is relevant only to Remote Networks.
Mobile Users isn't on the same network as Remote Networks (separate routing domains) so having this enabled doesn't impact the routing of Mobile Users unless you have service connections that have the RN subnets defined where the MU traffic can hairpin. Without other SCs that advertise the specifc RN subnets into MU (called dummy SCs since they don't terminate), the traffic will go to the nearest (or only) SC that has the best match for the destination prefix and thus to the endpoint they terminate to.
Hope that helps.
Thanks,
Miguel
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
